Self signed on LAN

1. Caddy version (caddy version):

2.5.1

2. How I run Caddy:

I run Caddy on Ubuntu directly, not in Docker. The purpose is to serve SSL and reverse proxy to a Budibase server installed in Docker on the same machine.

a. System environment:

Ubuntu 22.04

b. Command:

# systemctl restart caddy

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.

d. My complete Caddyfile or JSON config:

Paste config here, replacing this text.
Use `caddy fmt` to make it readable.
DO NOT REDACT anything except credentials.
LEAVE DOMAIN NAMES INTACT.
Make sure the backticks stay on their own lines.

3. The problem I’m having:

After executing `caddy trust` and configuring the Caddyfile with the option `tls internal certs`, I was expecting it to work, but it did not.

4. Error messages and/or full log output:

Jun 22 09:37:35 budibase01 caddy[39480]: caddy.HomeDir=/var/lib/caddy
Jun 22 09:37:35 budibase01 caddy[39480]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Jun 22 09:37:35 budibase01 caddy[39480]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Jun 22 09:37:35 budibase01 caddy[39480]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Jun 22 09:37:35 budibase01 caddy[39480]: caddy.Version=v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=
Jun 22 09:37:35 budibase01 caddy[39480]: runtime.GOOS=linux
Jun 22 09:37:35 budibase01 caddy[39480]: runtime.GOARCH=amd64
Jun 22 09:37:35 budibase01 caddy[39480]: runtime.Compiler=gc
Jun 22 09:37:35 budibase01 caddy[39480]: runtime.NumCPU=4
Jun 22 09:37:35 budibase01 caddy[39480]: runtime.GOMAXPROCS=4
Jun 22 09:37:35 budibase01 caddy[39480]: runtime.Version=go1.18.1
Jun 22 09:37:35 budibase01 caddy[39480]: os.Getwd=/
Jun 22 09:37:35 budibase01 caddy[39480]: LANG=C.UTF-8
Jun 22 09:37:35 budibase01 caddy[39480]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Jun 22 09:37:35 budibase01 caddy[39480]: NOTIFY_SOCKET=/run/systemd/notify
Jun 22 09:37:35 budibase01 caddy[39480]: HOME=/var/lib/caddy
Jun 22 09:37:35 budibase01 caddy[39480]: LOGNAME=caddy
Jun 22 09:37:35 budibase01 caddy[39480]: USER=caddy
Jun 22 09:37:35 budibase01 caddy[39480]: INVOCATION_ID=5346b0aefe414423b3bf38683f2d7767
Jun 22 09:37:35 budibase01 caddy[39480]: JOURNAL_STREAM=8:449323
Jun 22 09:37:35 budibase01 caddy[39480]: SYSTEMD_EXEC_PID=39480
Jun 22 09:37:35 budibase01 caddy[39480]: {"level":"info","ts":1655887055.1816814,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jun 22 09:37:35 budibase01 caddy[39480]: {"level":"warn","ts":1655887055.1825554,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Jun 22 09:37:35 budibase01 caddy[39480]: {"level":"info","ts":1655887055.1831179,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Jun 22 09:37:35 budibase01 caddy[39480]: {"level":"info","ts":1655887055.1832745,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000386c40"}
Jun 22 09:37:35 budibase01 caddy[39480]: {"level":"info","ts":1655887055.1832862,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000386c40"}
Jun 22 09:37:35 budibase01 caddy[39480]: run: loading initial config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: loading certificates: open internal: no such file or directory
Jun 22 09:37:35 budibase01 systemd[1]: Started Caddy.
Jun 22 09:37:35 budibase01 systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Jun 22 09:37:35 budibase01 systemd[1]: caddy.service: Failed with result 'exit-code'.

5. What I already tried:

I’ve tried to run Caddy from a docker compose file, along with Budibase, but that did not work.

6. Links to relevant resources:

Please completely fill out the help topic template, as per the forum rules.


Sorry for the lack of information, I just edited the request and added all the information I could.
Thank you for your patience
JCV

You didn’t provide your config. We can’t help without seeing your config.

Please completely fill out the help topic template.


Sorry


```
budibase01.aaaa.prv {
    root * /usr/share/caddy

    tls internal certs

    templates

    reverse_proxy localhost:10000
}
```


That’s incorrect syntax. Remove the word certs. It should only be tls internal.

Also, since you’re using reverse_proxy, root doesn’t do anything for you.

And are you sure you need templates? Is your upstream app actually responding with Caddy templates that need to be transformed?

Hello Francis,
Thank you for your reply.
I removed everything that was in excess, as you told me. Now Caddy starts, but I still cannot access HTTPS.
Caddy file is now:


```
budibase01.flosel.prv {
    tls internal
    reverse_proxy localhost:10000
}
```


And the log shows:


Jun 23 17:56:13 budibase01 systemd[1]: Starting Caddy

Jun 23 17:56:13 budibase01 caddy[2674]: caddy.HomeDir=/var/lib/caddy
Jun 23 17:56:13 budibase01 caddy[2674]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Jun 23 17:56:13 budibase01 caddy[2674]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Jun 23 17:56:13 budibase01 caddy[2674]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Jun 23 17:56:13 budibase01 caddy[2674]: caddy.Version=v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=
Jun 23 17:56:13 budibase01 caddy[2674]: runtime.GOOS=linux
Jun 23 17:56:13 budibase01 caddy[2674]: runtime.GOARCH=amd64
Jun 23 17:56:13 budibase01 caddy[2674]: runtime.Compiler=gc
Jun 23 17:56:13 budibase01 caddy[2674]: runtime.NumCPU=4
Jun 23 17:56:13 budibase01 caddy[2674]: runtime.GOMAXPROCS=4
Jun 23 17:56:13 budibase01 caddy[2674]: runtime.Version=go1.18.1
Jun 23 17:56:13 budibase01 caddy[2674]: os.Getwd=/
Jun 23 17:56:13 budibase01 caddy[2674]: LANG=C.UTF-8
Jun 23 17:56:13 budibase01 caddy[2674]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Jun 23 17:56:13 budibase01 caddy[2674]: NOTIFY_SOCKET=/run/systemd/notify
Jun 23 17:56:13 budibase01 caddy[2674]: HOME=/var/lib/caddy
Jun 23 17:56:13 budibase01 caddy[2674]: LOGNAME=caddy
Jun 23 17:56:13 budibase01 caddy[2674]: USER=caddy
Jun 23 17:56:13 budibase01 caddy[2674]: INVOCATION_ID=5bb705f8b5ab4985bc8842443ae7ca6b
Jun 23 17:56:13 budibase01 caddy[2674]: JOURNAL_STREAM=8:34954
Jun 23 17:56:13 budibase01 caddy[2674]: SYSTEMD_EXEC_PID=2674
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"info","ts":1656003373.3281395,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"warn","ts":1656003373.328975,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"info","ts":1656003373.3295045,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"info","ts":1656003373.3296645,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00037b180"}
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"info","ts":1656003373.3298862,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"info","ts":1656003373.329906,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"info","ts":1656003373.3407097,"logger":"pki.ca.local","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/local/root.crt"}
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"info","ts":1656003373.3409925,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"info","ts":1656003373.3410025,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["budibase01.flosel.prv"]}
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"warn","ts":1656003373.3416784,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [budibase01.flosel.prv]: no OCSP server specified in certificate","identifiers":["budibase01.flosel.prv"]}
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"info","ts":1656003373.3419385,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"info","ts":1656003373.3420558,"msg":"serving initial configuration"}
Jun 23 17:56:13 budibase01 systemd[1]: Started Caddy.
Jun 23 17:56:13 budibase01 caddy[2674]: {"level":"info","ts":1656003373.3425992,"logger":"tls","msg":"finished cleaning storage units"}


Caddy starts but is not serving the certificate.

Can you help me?
Thank you
Jose

Your logs look all good.

What do you mean “not serving the certificate”? Please be specific about the behaviour you’re seeing.

Francis,

Caddy is working now. After doing the alterations you told me to, there still remained a stupid mistake: TCP port 443 was closed on the firewall. Now everything works, HTTPS and reverse proxy.

Thank you very much for your help


Just two more doubts,

  • the certificate is only valid for one day
  • http → https redirection is not being made

Correct. That’s on purpose. You should install Caddy’s root CA cert on any devices that need access to your server.

Again, please show evidence. I can’t help if you don’t actually show what’s happening. Make a request with curl -v to show what’s happening.

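A LAN-side check script for the three points raised in this thread (the `tls internal certs` parse error, the closed port 443, and the HTTP to HTTPS redirect), added here as an example and not code from the thread or from Caddy. The host name, the availability of `curl` and `openssl`, and the "Caddy Local Authority" issuer name are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: checks for a LAN host served with Caddy's `tls internal`.
# Assumed tools: bash, curl, openssl. The host is passed as the first argument.

# The thread's first failure: `tls internal certs` is parsed as `tls <cert-file> <key-file>`,
# so Caddy tried to open a file literally named "internal". Flag that shape of line.
lint_tls_line() {
  set -- $1                                   # split the directive line into words
  [ "$1" = tls ] || { echo "not-a-tls-line"; return 0; }
  if [ "$2" = internal ] && [ $# -gt 2 ]; then echo "bad: 'tls internal' takes no further arguments"
  elif [ "$2" = internal ]; then echo "ok: internal CA"
  elif [ $# -eq 3 ]; then echo "file pair: cert=$2 key=$3 (both must exist on disk)"
  else echo "unrecognised: $*"; fi
}

# The thread's second failure: TCP/443 closed on the host firewall. Returns 0 if reachable.
port_open() { timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null; }

# Francis's third point: `curl -sI http://HOST/` should show a 3xx to an https:// Location.
# Input: the raw response headers; output: "redirect-ok" or a "no-redirect" line with details.
classify_redirect() {
  local status location
  status=$(printf '%s\n' "$1" | head -n1 | awk '{print $2}')
  location=$(printf '%s\n' "$1" | tr -d '\r' | grep -i '^location:' | awk '{print $2}')
  case "$status:$location" in
    30[1278]:https://*) echo "redirect-ok" ;;
    *)                  echo "no-redirect (status=$status location=${location:-none})" ;;
  esac
}

# Assumption: Caddy's internal CA names itself "Caddy Local Authority". Any other issuer
# means a different certificate is being served (wrong site block, leftover ACME cert).
issued_by_caddy_local() { case "$1" in *"Caddy Local Authority"*) echo yes ;; *) echo no ;; esac; }

# Live run: ./check.sh budibase01.flosel.prv
if [ $# -gt 0 ]; then
  HOST="$1"
  port_open "$HOST" 443 && echo "443 open" || echo "443 closed (check ufw/iptables)"
  classify_redirect "$(curl -sI "http://$HOST/")"
  issuer=$(openssl s_client -connect "$HOST:443" -servername "$HOST" </dev/null 2>/dev/null |
           openssl x509 -noout -issuer)
  echo "issued by Caddy local CA: $(issued_by_caddy_local "$issuer")"
  # A short lifetime is expected: -checkend 86400 exits 1 when the cert expires within a day.
  openssl s_client -connect "$HOST:443" -servername "$HOST" </dev/null 2>/dev/null |
    openssl x509 -noout -dates -checkend 86400 || echo "expires within 24h (normal for tls internal)"
fi
```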

Hello Francis,
Redirection is being made, I just had a temporary problem with Firefox.

Thank you for all. As a conclusion, Caddy is a great software and, after all, very easy to use.

Yours
José

